From fe4af06e819dbd4cb2107c0165cfbfbe832140e7 Mon Sep 17 00:00:00 2001
From: Frank Brehm
Date: Wed, 18 Dec 2024 17:25:03 +0100
Subject: [PATCH] Fixing Ansible playbooks and roles.
---
 playbooks/disable-ldap-server.yaml | 46 ++++++++--------
 playbooks/enable-ldap-server-replication.yaml | 52 +++++++++++++++++++
 playbooks/offline-backup-ldap-server.yaml | 40 ++++++++++++++
 .../tasks/repl-agmts-suffix.yaml | 6 +--
 .../tasks/filesystem.yaml | 2 +-
 5 files changed, 121 insertions(+), 25 deletions(-)
diff --git a/playbooks/disable-ldap-server.yaml b/playbooks/disable-ldap-server.yaml
index ebe3e29..459101d 100644
--- a/playbooks/disable-ldap-server.yaml
+++ b/playbooks/disable-ldap-server.yaml
@@ -55,12 +55,12 @@ include_role: name: haproxy-check-initial - - name: "Get the LDAP server to disable replication:" + - name: "Get the LDAP server to disable in HAProxy backend." ansible.builtin.set_fact: ldapserver_to_disable: "{{ hostvars.localhost.ldapserver_to_disable }}" cacheable: true - - name: "The LDAP server to disable replication:" + - name: "The LDAP server to disable in HAProxy backend:" debug: var: ldapserver_to_disable verbosity: 0
@@ -110,26 +110,30 @@ var: target_replica_id verbosity: 0 - - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}." - ansible.builtin.shell: | - puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disbled by Ansible playbook 'disable-ldap-server.yaml'." - args: - creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' - when: ldapserver_to_disable == inventory_hostname - - - name: "Disabling Puppet service on {{ ldapserver_to_disable | quote }}." - ansible.builtin.service: - enabled: false - name: puppet - state: stopped - when: ldapserver_to_disable == inventory_hostname - - - name: "Disabling Wazuh service on {{ ldapserver_to_disable | quote }}." - ansible.builtin.service: - enabled: false - name: wazuh-agent - state: stopped + - name: "Disabling services." when: ldapserver_to_disable == inventory_hostname + block: + + - debug: + msg: "Disabling Puppet agent, Puppet service and Wazuh service." + + - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}." + ansible.builtin.shell: | + puppet agent --disable "[$( date +'%Y-%m-%d' )]: Disabled by Ansible playbook 'disable-ldap-server.yaml'." + args: + creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' + + - name: "Disabling Puppet service on {{ ldapserver_to_disable | quote }}." + ansible.builtin.service: + enabled: false + name: puppet + state: stopped + + - name: "Disabling Wazuh service on {{ ldapserver_to_disable | quote }}." + ansible.builtin.service: + enabled: false + name: wazuh-agent + state: stopped - name: "Retrieve all backends." ansible.builtin.shell: "dsconf {{ slapd_instance | quote }} backend suffix list"
diff --git a/playbooks/enable-ldap-server-replication.yaml b/playbooks/enable-ldap-server-replication.yaml
index 4c405e2..108aaaf 100644
--- a/playbooks/enable-ldap-server-replication.yaml
+++ b/playbooks/enable-ldap-server-replication.yaml
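Review bot: The new `debug` task inside the block is the only task in the hunk without a `name:` and without the `ansible.builtin.` prefix that every sibling task uses; writing it as `- name: "Announce which services are being disabled."` with `ansible.builtin.debug:` keeps play output self-describing and the module naming consistent. Stopping and disabling wazuh-agent takes the host out of security monitoring until the counterpart play is run, and nothing in the file says so; a comment on the block such as `# Puppet and Wazuh are deliberately stopped here; enable-ldap-server-replication.yaml starts them again.` tells an operator who finds the agent down that this was intentional. The play continues past `Retrieve all backends.` outside the hunk.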
@@ -120,5 +120,57 @@ vars: target_host: "{{ ldapserver_to_enable }}" +- name: "Enable the given host as a HAProxy backend server." + hosts: haproxy_servers + gather_facts: false + + tasks: + + - name: "Get the LDAP server to enable in HAProxy backend." + ansible.builtin.set_fact: + ldapserver_to_enable: "{{ hostvars.localhost.ldapserver_to_enable }}" + + - name: "The LDAP server to enable in HAProxy backend:" + debug: + var: ldapserver_to_enable + verbosity: 0 + + - name: "Enabling HAProxy backend server ...." + include_role: + name: 'haproxy-enable-backend' + vars: + backend: "{{ haproxy_backend_name }}" + backend_server: "{{ ldapserver_to_enable }}" + +- name: "Enabling Puppet and Wazuh on all LDAP servers." + hosts: ldap_servers + gather_facts: false + + tasks: + + - name: "Enabling services." + when: ldapserver_to_disable == inventory_hostname + block: + + - debug: + msg: "Enabling Wazuh service, Puppet service and Puppet agent." + + - name: "Enabling Wazuh service on {{ ldapserver_to_disable | quote }}." + ansible.builtin.service: + enabled: true + name: wazuh-agent + state: started + + - name: "Enabling Puppet service on {{ ldapserver_to_disable | quote }}." + ansible.builtin.service: + enabled: true + name: puppet + state: started + + - name: "Disabling Puppet agent on {{ ldapserver_to_disable | quote }}." + ansible.builtin.shell: | + puppet agent --enable + args: + removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' # vim: filetype=yaml
diff --git a/playbooks/offline-backup-ldap-server.yaml b/playbooks/offline-backup-ldap-server.yaml
index bb412a2..acfc6bb 100644
--- a/playbooks/offline-backup-ldap-server.yaml
+++ b/playbooks/offline-backup-ldap-server.yaml
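Review bot: The second added play gates its block on `when: ldapserver_to_disable == inventory_hostname` and names its tasks after `ldapserver_to_disable`, but this playbook works with `ldapserver_to_enable` (the first added play and the `target_host` line above it both use it); on ldap_servers the disable variable is either undefined, which aborts the play before anything is re-enabled, or, if fact caching is on, a stale value from an earlier disable run that would match a different host. Set `ldapserver_to_enable` from `hostvars.localhost` the way the HAProxy play does (it may already be in scope from the earlier play, which the hunk does not show) and compare against that. The task that runs `puppet agent --enable` is named "Disabling Puppet agent", which reads backwards in play output; rename it, and since no shell features are used `ansible.builtin.command` is sufficient.
```yaml
- name: "Enabling Puppet and Wazuh on all LDAP servers."
  hosts: ldap_servers
  gather_facts: false

  tasks:

    - name: "Get the LDAP server on which to enable services."
      ansible.builtin.set_fact:
        ldapserver_to_enable: "{{ hostvars.localhost.ldapserver_to_enable }}"

    - name: "Enabling services."
      when: ldapserver_to_enable == inventory_hostname
      block:
        # … unchanged: debug task, wazuh-agent and puppet service tasks
        #   (with ldapserver_to_disable replaced by ldapserver_to_enable in their names) …

        - name: "Enabling Puppet agent on {{ ldapserver_to_enable | quote }}."
          ansible.builtin.command: puppet agent --enable
          args:
            removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock'
```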
@@ -70,12 +70,50 @@ var: ldapserver_to_backup verbosity: 0 + - name: "Get active status of Puppet lockfile." + ansible.builtin.stat: + path: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' + register: stat_puppet_lockfile + + - name: "File stat of Puppet Puppet lockfile." + debug: + var: stat_puppet_lockfile + verbosity: 3 + + - name: "Predefine puppet_already_locked" + ansible.builtin.set_fact: + puppet_already_locked: false + + - name: "Set puppet_already_locked" + ansible.builtin.set_fact: + puppet_already_locked: true + when: stat_puppet_lockfile.stat.exists == true + - name: "Disabling Puppet agent." ansible.builtin.shell: | puppet agent --disable "[{{ cur_timestamp }}]: Disabled by Ansible playbook 'disable-ldap-server.yaml'." args: creates: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' + - name: "Get status of Wazuh service." + ansible.builtin.systemd: + name: 'wazuh-agent' + register: wazuh_agent_status + + - name: "Predefine wazuh_already_disabled." + ansible.builtin.set_fact: + wazuh_already_disabled: false + + - name: "Status of Wazuh service." + debug: + var: wazuh_agent_status + verbosity: 3 + + - name: "Set wazuh_already_disabled to true." + ansible.builtin.set_fact: + wazuh_already_disabled: true + when: wazuh_agent_status.status.ActiveState != 'active' + - name: "Disabling Wazuh service." ansible.builtin.service: name: wazuh-agent
@@ -93,11 +131,13 @@ ansible.builtin.service: name: wazuh-agent state: started + when: wazuh_already_disabled != true - name: "Enabling Puppet agent." ansible.builtin.shell: puppet agent --enable args: removes: '/opt/puppetlabs/puppet/cache/state/agent_disabled.lock' + when: puppet_already_locked != true # vim: filetype=yaml
diff --git a/roles/389ds-ensure-repl-agmt/tasks/repl-agmts-suffix.yaml b/roles/389ds-ensure-repl-agmt/tasks/repl-agmts-suffix.yaml
index ad5abef..9800477 100644
--- a/roles/389ds-ensure-repl-agmt/tasks/repl-agmts-suffix.yaml
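Review bot: The new conditionals compare booleans against literals (`when: stat_puppet_lockfile.stat.exists == true` in the first hunk, `when: wazuh_already_disabled != true` and `when: puppet_already_locked != true` in the second); the idiomatic forms are `when: stat_puppet_lockfile.stat.exists` and `when: not wazuh_already_disabled` / `when: not puppet_already_locked`. Each predefine/set pair can collapse into one `ansible.builtin.set_fact` with `puppet_already_locked: "{{ stat_puppet_lockfile.stat.exists }}"` and `wazuh_already_disabled: "{{ wazuh_agent_status.status.ActiveState != 'active' }}"`, removing two tasks and the ordering dependency between them. Because the re-enable tasks are ordinary later tasks, a failure anywhere between the disable and enable steps leaves wazuh-agent stopped and the host unmonitored, and Puppet locked; wrapping the backup in a `block:` with an `always:` that restores the recorded state makes the restoration unconditional. The two `debug` tasks use the short module name while the neighbouring tasks use `ansible.builtin.`; either is fine, but pick one. The tasks between the two hunks are not shown.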
+++ b/roles/389ds-ensure-repl-agmt/tasks/repl-agmts-suffix.yaml
@@ -88,12 +88,12 @@ --bind-dn {{ replication_manager_dn | quote }} \ --bind-passwd-file {{ replication_manager_password_file | quote }} \ --bind-method {{ ds389_repl_agmt_bind_method | quote }} \ - --frac-list {{ used_frac_list | map('quote') | join(' ') }} \ - --frac-list-total {{ used_frac_list_total | map('quote') | join(' ') }}" + --frac-list {{ used_frac_list | join(' ') | quote }} \ + --frac-list-total {{ used_frac_list_total | join(' ') | quote }}" - name: "Add --strip-list to command for creating replication agreement." set_fact: - create_cmd: "{{ create_cmd }} --strip-list {{ ds389_repl_agmt_strip_list | map('quote') | join(' ') }}" + create_cmd: "{{ create_cmd }} --strip-list {{ ds389_repl_agmt_strip_list | join(' ') | quote }}" when: ds389_repl_agmt_strip_list is not empty - name: "Add --schedule to command for creating replication agreement."
diff --git a/roles/389ds-offline-backup/tasks/filesystem.yaml b/roles/389ds-offline-backup/tasks/filesystem.yaml
index 78ec8d8..68b2b2d 100644
--- a/roles/389ds-offline-backup/tasks/filesystem.yaml
+++ b/roles/389ds-offline-backup/tasks/filesystem.yaml
@@ -2,7 +2,7 @@ - name: "Defining target archive file." ansible.builtin.set_fact: - archive_file: "{{ backup_directory }}/backup.{{ slapd_instance }}.{{ filesystem | regex_replace('^/*') | regex_replace('/+', '_') }}.{{ cur_timestamp }}.tar.bz2 }}" + archive_file: "{{ backup_directory }}/backup.{{ slapd_instance }}.{{ filesystem | regex_replace('^/*') | regex_replace('/+', '_') | regex_replace('[*?]') }}.{{ cur_timestamp }}.tar.bz2" - debug: msg: "Creating archive {{ archive_file }} from directory {{ filesystem | quote }}."
-- 2.39.5
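Review bot: The `join(' ') | quote` pipeline changes the argument shape, not only the quoting: `--frac-list`, `--frac-list-total` and `--strip-list` now receive the whole attribute list as a single shell word instead of one quoted word per attribute, which is presumably what dsconf expects, but nothing in the file records that and the old `map('quote')` form is the more familiar Ansible idiom someone may restore. Add a comment above the set_fact such as `# dsconf takes each attribute list as one space-separated argument: join first, then quote the result as a single word.` Note also that an empty `used_frac_list` now yields `--frac-list ''` rather than a dangling flag; whether dsconf accepts an empty value there should be confirmed, since only `ds389_repl_agmt_strip_list` is guarded by a `when`. The set_fact that builds `create_cmd` starts before this hunk.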
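Review bot: Removing only `*` and `?` from the path component of `archive_file` is a denylist; any other character of `filesystem` (spaces, quotes, `$`, backticks) still ends up in the archive name, and a denylist tends to grow one incident at a time. Since slashes are already rewritten to `_`, an allowlist states the intent directly: `regex_replace('[^A-Za-z0-9._-]', '_')` in place of `regex_replace('[*?]')`, which changes nothing for ordinary mount points and removes the dependence on how `archive_file` is quoted wherever it is later handed to a shell (not visible in this hunk). A short comment explaining the sanitisation would also help, e.g. `# The filesystem path becomes part of the archive filename; keep it to a safe character set.`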